Change History (1)

The nginx 1.4.6 binary package for CentOS6 as shipped from nginx.org is compiled against openssl-1.0.1 which actually has ECDHE support, and in contrast to previous versions it actually tries to use the value set by ssl_ecdh_curve. Previously, it was silently ignored as nginx packages were compiled against system OpenSSL on CentOS 6.4, which has no ECDHE support.

To find a list of curves supported by OpenSSL library on your host, use:

openssl ecparam -list_curves

CentOS seems to have only secp384r1 and prime256v1 curves available, likely due to use of FIPS variant of the OpenSSL library.